A storage system is a processing system adapted to store and retrieve data on storage devices, such as disks. The storage system includes a storage operating system that implements a file system to logically organize the data as one or more storage objects on the storage devices. For example, the file system may organize the data on the storage devices as a hierarchical structure of directories and files, as one or more volumes, as one or more logical units, etc. A storage system may be configured to allow particular clients (e.g., users, server systems, applications, devices, etc.) to access its contents, for example, to read or write data to the storage devices.
A server system coupled with the storage system through a network may execute an application that “connects” to the storage system through the network to access particular data of the storage system. An application of the server system may send an “access request” to the storage system specifying a particular operation (e.g., read or write operation) to be performed on a particular storage object stored on the storage system. The access request may originate and be received from a particular user of the application. For example, a particular administrator-level user may request a backup operation of a particular email database (storage object) stored on the storage system.
Before performing a received access request, a storage system will typically perform an authorization process that determines whether or not the received access request is permitted and, accordingly, allows or does not allow the received access request to be performed. Typically, the authorization process performed by the storage system is a rudimentary process that does not determine authorization of access requests based on several parameters. For example, a typical authorization process may simply determine whether the user sending the access request has permission to access the storage system, and if so, allow the access request to be performed. As such, typical authorization processes do not provide granular/precise control of access to storage systems.
Also, each storage system typically determines authorization of access requests independently by maintaining a separate access list (e.g., comprising a list of users allowed to access the storage system) that is used to determine authorizations of access requests. As such, for an entity implementing a large collection of server systems and storage systems, the entity must individually maintain and update each access list for each storage system as users of the various server systems and access permissions continually change. As such, there is a need for a more efficient and precise method for authorizing access requests for storage systems.